[Smcwg-public] Considering CAA for the S/MIME Baseline Requirements

Stephen Davidson Stephen.Davidson at digicert.com
Mon Oct 30 18:27:42 UTC 2023


The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum proposes to add a requirement for CAs issuing publicly-trusted S/MIME certificates to implement Certificate Authority Authorization (CAA) checking.  Public-trust CAs have used CAA for some time when issuing TLS certificates, and the new RFC 9495<https://www.rfc-editor.org/rfc/rfc9495.html> extends CAA with a new property tag for "issuemail".

The benefit is that domain holders will be able to specify CAs they authorize to issue certificates on their behalf separately for TLS and for S/MIME.

The current plan is to allow up to 12 months for CAs to implement CAA following publication of the amending ballot to the S/MIME Baseline Requirements<https://github.com/cabforum/smime/blob/main/SBR.md>.

The SMCWG is now starting work on that amending ballot.  We encourage both Certificate Issuers and PKI application software providers involved in issuing S/MIME certificates to become familiar with RFC 9495, and welcome feedback on the pending requirement and implementation timeframe.

With kind regards,

Stephen Davidson

Chair, S/MIME Certificate Working Group
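
Added example (not part of the original message and not code from the CA/Browser Forum): a sketch of how a CA-side check could evaluate a CAA record set separately for TLS ("issue") and S/MIME ("issuemail"), following the processing described in RFC 8659 and RFC 9495. The zone data, CA names, and function names are constructed for illustration; DNS lookups, DNSSEC, and wildcard ("issuewild") handling are left out.

```python
# Constructed CAA data: domain -> list of (flags, tag, value). Not real records.
ZONE = {
    "example.com": [
        (0, "issue", "tls-ca.example"),        # TLS issuance: tls-ca only
        (0, "issuemail", "mail-ca.example"),   # S/MIME issuance: mail-ca only
    ],
    "nomail.example.org": [(0, "issuemail", ";")],    # no CA may issue S/MIME
    "example.net": [(0, "issue", "tls-ca.example")],  # no issuemail property
}

# Assumption: the property tags this hypothetical CA understands.
KNOWN_TAGS = {"issue", "issuewild", "issuemail", "iodef"}


def relevant_rrset(domain, zone=ZONE):
    """Climb from the domain toward the root; the first non-empty
    CAA record set found is the relevant one (RFC 8659, section 3)."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def issuer_name(value):
    """Issuer domain name is the part before any ';' parameters (may be empty)."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca, domain, tag, zone=ZONE):
    rrset = relevant_rrset(domain, zone)
    # An unrecognized property with the critical bit (128) set blocks issuance.
    if any(flags & 128 and t.lower() not in KNOWN_TAGS for flags, t, _ in rrset):
        return False
    values = [v for _, t, v in rrset if t.lower() == tag]
    if not values:
        return True  # no property of this type: issuance is not restricted
    return any(issuer_name(v) == ca.lower() for v in values)


def may_issue_smime(ca, email, zone=ZONE):
    """S/MIME check: the input domain is the domain part of the mailbox address."""
    return may_issue(ca, email.rsplit("@", 1)[1], "issuemail", zone)
```

Note that a domain publishing only "issue" properties, such as the constructed example.net above, places no restriction on S/MIME issuance; a domain holder has to publish "issuemail" to restrict it.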
